株式会社ヴァンデミックシステム


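VyOS supports BGP.
BGP is a protocol that lets resources behind different networks route to one another.
In practice, it is used when a system contains several networks that need to be interconnected, or when connecting networks between sites.

Network configuration

Network configuration on vyos1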

set interfaces ethernet eth0 address 172.16.101.1/24
set interfaces ethernet eth1 address 192.168.50.201/24
set protocols static route 0.0.0.0/0 next-hop 192.168.50.1
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF        MTU  S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
eth0         172.16.101.1/24    00:15:5d:0b:b3:29  default   1500  u/u
eth1         192.168.50.201/24  00:15:5d:0b:b3:2f  default   1500  u/u
lo           127.0.0.1/8        00:00:00:00:00:00  default  65536  u/u
             ::1/128

Network configuration on vyos2

set interfaces ethernet eth0 address 172.16.102.1/24
set interfaces ethernet eth1 address 192.168.50.202/24
set protocols static route 0.0.0.0/0 next-hop 192.168.50.1
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF        MTU  S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
eth0         172.16.102.1/24    00:15:5d:0b:b3:2a  default   1500  u/u
eth1         192.168.50.202/24  00:15:5d:0b:b3:30  default   1500  u/u
lo           127.0.0.1/8        00:00:00:00:00:00  default  65536  u/u
             ::1/128

BGP configuration

BGP configuration on vyos1

# vyos side
set protocols bgp system-as 65001
set protocols bgp neighbor 192.168.50.202 remote-as 65002
set protocols bgp neighbor 192.168.50.202 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.168.50.202 update-source 192.168.50.201
set protocols bgp timers holdtime 30
set protocols bgp timers keepalive 10

# Advertise the route to the peer
set protocols bgp address-family ipv4-unicast network 172.16.101.0/24

BGP configuration on vyos2

# vyos side
set protocols bgp system-as 65002
set protocols bgp neighbor 192.168.50.201 remote-as 65001
set protocols bgp neighbor 192.168.50.201 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.168.50.201 update-source 192.168.50.202
set protocols bgp timers holdtime 30
set protocols bgp timers keepalive 10

# Advertise the route to the peer
set protocols bgp address-family ipv4-unicast network 172.16.102.0/24
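
The neighbor statements above bring the session up with no authentication, no TTL check and no limit on which or how many prefixes the peer may send. The following is an added example, not part of the original post: a small Python audit that reads VyOS `set` commands and lists which per-neighbor controls are missing. The prefix-list name `FROM-VYOS2`, the password value and the prefix limit are constructed placeholders.

```python
import re

# vyos1's BGP commands as shown on the page.
PAGE_CONFIG = """\
set protocols bgp system-as 65001
set protocols bgp neighbor 192.168.50.202 remote-as 65002
set protocols bgp neighbor 192.168.50.202 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.168.50.202 update-source 192.168.50.201
set protocols bgp timers holdtime 30
set protocols bgp timers keepalive 10
set protocols bgp address-family ipv4-unicast network 172.16.101.0/24
"""

# Constructed hardening lines (not from the page); name, secret and limit are placeholders.
HARDENING = """\
set policy prefix-list FROM-VYOS2 rule 10 action permit
set policy prefix-list FROM-VYOS2 rule 10 prefix 172.16.102.0/24
set protocols bgp neighbor 192.168.50.202 password 'EXAMPLE-SECRET'
set protocols bgp neighbor 192.168.50.202 ttl-security hops 1
set protocols bgp neighbor 192.168.50.202 address-family ipv4-unicast prefix-list import FROM-VYOS2
set protocols bgp neighbor 192.168.50.202 address-family ipv4-unicast maximum-prefix 10
"""

# Control label -> regex matched against the text that follows the neighbor address.
CHECKS = {
    "session authentication (password)": r"password \S+",
    "TTL security (ttl-security hops)": r"ttl-security hops \d+",
    "inbound prefix filter (prefix-list import)": r"address-family ipv4-unicast prefix-list import \S+",
    "prefix limit (maximum-prefix)": r"address-family ipv4-unicast maximum-prefix \d+",
}
NEIGHBOR = re.compile(r"^set protocols bgp neighbor (\S+) (.+)$")

def audit_bgp_neighbors(config: str) -> dict[str, list[str]]:
    """Return {neighbor: [missing controls]} for every BGP neighbor in `config`."""
    settings: dict[str, list[str]] = {}
    for line in config.splitlines():
        m = NEIGHBOR.match(line.strip())
        if m:
            settings.setdefault(m.group(1), []).append(m.group(2))
    return {
        peer: [label for label, pat in CHECKS.items()
               if not any(re.fullmatch(pat, s) for s in lines)]
        for peer, lines in settings.items()
    }

if __name__ == "__main__":
    for title, cfg in (("page config", PAGE_CONFIG), ("with hardening", PAGE_CONFIG + HARDENING)):
        print(title, audit_bgp_neighbors(cfg))
```

The password and `ttl-security` settings must be applied on both peers, otherwise the session will not establish.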

Once both sides are configured, the BGP session comes up.
vyos1

# The Up/Down counter has started
vyos@vyos:~$ show ip bgp summary

IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.50.201, local AS number 65001 vrf-id 0
BGP table version 2
RIB entries 3, using 288 bytes of memory
Peers 1, using 20 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
192.168.50.202  4      65002         9         9        2    0    0 00:00:46            1        2 N/A

Total number of neighbors 1

vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via 172.16.101.254, eth0, weight 1, 00:14:46
  *                 via 192.168.50.1, eth1, weight 1, 00:14:46
C>* 172.16.101.0/24 is directly connected, eth0, 00:15:50
B>* 172.16.102.0/24 [20/0] via 192.168.50.202, eth1, weight 1, 00:01:26 # BGP route received from the peer vyos
C>* 192.168.50.0/24 is directly connected, eth1, 00:14:46


vyos@vyos:~$ ping 172.16.102.1 count 3
PING 172.16.102.1 (172.16.102.1) 56(84) bytes of data.
64 bytes from 172.16.102.1: icmp_seq=1 ttl=64 time=0.309 ms
64 bytes from 172.16.102.1: icmp_seq=2 ttl=64 time=0.270 ms
64 bytes from 172.16.102.1: icmp_seq=3 ttl=64 time=0.312 ms

--- 172.16.102.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2036ms
rtt min/avg/max/mdev = 0.270/0.297/0.312/0.019 ms

vyos2

# The Up/Down counter has started
vyos@vyos:~$ show ip bgp summary

IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.50.202, local AS number 65002 vrf-id 0
BGP table version 2
RIB entries 3, using 288 bytes of memory
Peers 1, using 20 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
192.168.50.201  4      65001         6         6        2    0    0 00:00:14            1        2 N/A

Total number of neighbors 1


vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via 172.16.102.254, eth0, weight 1, 00:13:13
  *                 via 192.168.50.1, eth1, weight 1, 00:13:13
B>* 172.16.101.0/24 [20/0] via 192.168.50.201, eth1, weight 1, 00:03:27 # BGP route received from the peer vyos
C>* 172.16.102.0/24 is directly connected, eth0, 00:17:38
C>* 192.168.50.0/24 is directly connected, eth1, 00:13:13


vyos@vyos:~$ ping 172.16.101.1 count 3
PING 172.16.101.1 (172.16.101.1) 56(84) bytes of data.
64 bytes from 172.16.101.1: icmp_seq=1 ttl=64 time=0.267 ms
64 bytes from 172.16.101.1: icmp_seq=2 ttl=64 time=0.282 ms
64 bytes from 172.16.101.1: icmp_seq=3 ttl=64 time=0.262 ms

--- 172.16.101.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2076ms
rtt min/avg/max/mdev = 0.262/0.270/0.282/0.008 ms

Network configuration on vyos1-1

set interfaces ethernet eth0 address 172.16.101.2/24
set protocols static route 0.0.0.0/0 next-hop 172.16.101.1
set service ssh

Network configuration on vyos2-1

set interfaces ethernet eth0 address 172.16.102.2/24
set protocols static route 0.0.0.0/0 next-hop 172.16.102.1
set service ssh

Once everything is configured, check that ping succeeds from vyos1-1 to vyos2-1 and in the reverse direction.
